THE TIBERIUM BLOG - recent events, threats, and all things cyber

Diamond Life – Smooth Operator

Diamonds are a geek’s best friend

You will no doubt have heard about the Russian ransomware gang called Conti (or something like that), which has spent the last year ransoming critical national infrastructure and national health services, including the Irish Health and Safety Executive (HSE).

Following a meeting between POTUS Biden and Vlad, where it is reported that Biden asked Vlad to get the Russian ransomware crews in hand, the Conti group apparently released a decrypt key for free to the HSE, and we pondered whether this was direct intervention by the Russian President and what would happen next.

Presumably following a large investment with a corporate rebranding outfit, the Conti group are back with a different target profile. This week they started releasing details of customers of the high-end jewellers Graff. So far 69,000 documents have been released, which Conti claim is just one per cent of the data stolen. The data includes details of purchases, addresses, billing etc. from the world of the wealthy, including Donald Trump, the Beckhams, Oprah Winfrey and, of course, serial diamond buyer Frank Lampard.

As rebrands go, moving from hospitals with sick children to diamond providers to the rich and famous represents a marked change in direction, and you can almost feel world+dog shrugging their shoulders in a ‘so what’ manner.

We would advise against complacency, because the Conti group are notorious for mood swings and changes of direction, presumably as a new BossMan ousts the previous Pakhan.

Instability in the Conti group was brought to light last year when a former member released the group’s internal ‘how to hax’ manuals on GitHub. The release has been analysed the world over and appears genuine, with some great tools and techniques for the aspiring hacker. If you fall into this camp, or would like to see the details of how these gangs operate, read one of the many reviews or just download the content from GitHub. Just don’t do anything naughty, will you?

Also in the news this week: the security team at Microsoft discovered and disclosed a zero-day Apple OSX bug named ‘Shrootless’, now patched, which would have enabled an attacker to bypass Apple’s sandbox, System Integrity Protection (SIP).

At first reading, it would be easy to think that this is indicative of tit-for-tat manufacturer activity, but in fact it is just Microsoft doing their security research properly in order to tune and develop Microsoft Defender for Endpoint on Mac, which is a very powerful and compelling product indeed.

Tiberium’s FROST and MYTHIC services now support response actions (isolate, investigate, scan) on macOS and Linux via Defender. This is a great step forward and will enable us to better support our customers in environments with both Microsoft and macOS.


We would very much like to show you how our automated actions (and everything else) work, and would appreciate it if you would contact us for a demonstration to see how we can help you.

It isn’t all plain sailing for the ransomware gangs these days. Last week Europol announced it had arrested twelve ‘high-value’ individuals from the LockerGogo gang. A fine piece of work. More of the same, please.

As ever, we are always available to help or advise you on matters cyber, so please do not hesitate to get in touch should you have an issue or just want to talk something over.

The song Smooth Operator was from Sade’s first album Diamond Life. It includes the lyric ‘He moves in space with minimum waste and maximum joy’. Add the word cyber and that is exactly what the criminals do. Get yourselves protected.
